aparently the VPN is not routing any traffic, not even if I manually add the route on the client.
----- Messaggio originale ----- > Da: "Lorenzo Milesi" <[email protected]> > A: "list" <[email protected]> > Inviato: Lunedì, 26 gennaio 2015 9:11:12 > Oggetto: [pfSense] [2.2] IPSec and default route > Hi. > Over the weekend I upgraded to 2.2 and the process went fine. > Now I'm connecting from remote using mobile clients setup and I see I cannot > use > the VPN anymore as default route. I see in my client's syslog: > > Jan 26 08:48:54 dharma NetworkManager[979]: <info> VPN connection 'YO' (IP4 > Config Get) reply received from old-style plugin. > Jan 26 08:48:54 dharma NetworkManager[979]: <info> VPN Gateway: 5.2.3.1 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Tunnel Device: tun0 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> IPv4 configuration: > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Internal Address: > 10.22.124.1 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Internal Prefix: 24 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Internal Point-to-Point > Address: 10.22.124.1 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Maximum Segment Size > (MSS): > 0 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Static Route: > 10.10.122.0/24 Next Hop: 10.10.122.0 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Forbid Default Route: yes > Jan 26 08:48:54 dharma NetworkManager[979]: <info> Internal DNS: > 10.10.122.10 > Jan 26 08:48:54 dharma NetworkManager[979]: <info> DNS Domain: '(none)' > > Why strongSwan introduced that "Forbid default route: yes"? I didn't find any > option to re-enable it in pfSense UI. > > I used this [1] guide to set up Mobile VPN on 2.1. > > thanks > > [1] https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To > -- > Lorenzo Milesi - [email protected] > > YetOpen S.r.l. - http://www.yetopen.it/ > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold -- Lorenzo Milesi - [email protected] YetOpen S.r.l. - http://www.yetopen.it/ _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
